You can use the Jython scripting language to configure the security auditing system with the wsadmin tool. Use the commands and parameters in the AuditEventFactoryCommands group to configure the default or a third-party audit event factory.
The createAuditEventFactory command creates an audit event factory in your security auditing system configuration. You can use the default implementation of the audit event factory or use a third-party implementation. To configure a third-party implementation, use the optional -customProperties parameter to specify any properties necessary to configure the audit event factory implementation.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Optional parameters
Return value
The command returns the shortened reference ID for the newly created audit event factory.
Batch mode example usage
AdminTask.createAuditEventFactory('-uniqueName myeventfactory -className com.mycompany.myeventfactoryclass -provider AuditServiceProvider_1173199825608 -customProperties a=b -auditFilters AuditSpecification_1184598886859')
AdminTask.createAuditEventFactory(['-uniqueName', 'myeventfactory', '-className',
'com.mycompany.myeventfactoryclass', '-provider', 'AuditServiceProvider_1173199825608',
'-customProperties', 'a=b', '-auditFilters', 'AuditSpecification_1184598886859'])
Interactive mode example usage
AdminTask.createAuditEventFactory('-interactive')
The deleteAuditEventFactoryByName command deletes the audit event factory implementation in the audit.xml file that matches a specific unique name identifier.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns a value of true if the system successfully deletes the audit event factory.
Batch mode example usage
AdminTask.deleteAuditEventFactoryByName('-uniqueName myeventfactory')
AdminTask.deleteAuditEventFactoryByName(['-uniqueName', 'myeventfactory'])
Interactive mode example usage
AdminTask.deleteAuditEventFactoryByName('-interactive')
The deleteAuditEventFactoryByRef command deletes the audit event factory implementation that matches the reference ID of interest.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns a value of true if the system successfully deletes the audit event factory.
Batch mode example usage
AdminTask.deleteAuditEventFactoryByRef('-eventFactoryRef AuditEventFactory_1184688293515')
AdminTask.deleteAuditEventFactoryByRef(['-eventFactoryRef', 'AuditEventFactory_1184688293515'])
Interactive mode example usage
AdminTask.deleteAuditEventFactoryByRef('-interactive')
The getAuditEventFactory command retrieves the list of attributes for the audit event factory implementation in the audit.xml file that matches a specific reference ID.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
{{name myeventfactory} {properties {{{validationExpression {}} {name a} {description {}} {value b} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#Property_1184688593531} {_Websphere_Config_Data_Type Property} {required false}}}} {className com.mycompany.myeventfactoryclass} {auditServiceProvider auditServiceProviderImpl_1(cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608)} {auditSpecifications DefaultAuditSpecification_1(cells/Node04Cell|audit.xml#AuditSpecification_1173199825608)} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditEventFactory_1184688293515} {_Websphere_Config_Data_Type AuditEventFactory}}
Batch mode example usage
AdminTask.getAuditEventFactory('-eventFactoryRef AuditEventFactory_1184688293515')
AdminTask.getAuditEventFactory(['-eventFactoryRef', 'AuditEventFactory_1184688293515'])
Interactive mode example usage
AdminTask.getAuditEventFactory('-interactive')
The getAuditEventFactoryClass command retrieves the class name of the audit event factory implementation that matches a specific reference ID in the audit.xml configuration file.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
com.mycompany.myeventfactoryclass
Batch mode example usage
AdminTask.getAuditEventFactoryClass('-eventFactoryRef AuditEventFactory_1184688293515')
AdminTask.getAuditEventFactoryClass(['-eventFactoryRef', 'AuditEventFactory_1184688293515'])
Interactive mode example usage
AdminTask.getAuditEventFactoryClass('-interactive')
The getAuditEventFactoryFilters command retrieves a list of defined filters for the passed-in event factory.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
AUTHN:SUCCESS,AUTHN:INFO,AUTHZ:SUCCESS,AUTHZ:INFO
Batch mode example usage
AdminTask.getAuditEventFactoryFilters('-eventFactoryRef AuditEventFactory_1184688293515')
AdminTask.getAuditEventFactoryFilters(['-eventFactoryRef', 'AuditEventFactory_1184688293515'])
Interactive mode example usage
AdminTask.getAuditEventFactoryFilters('-interactive')
The getAuditEventFactoryName command retrieves the unique name of the audit event factory implementation that matches a specific reference ID in the audit.xml configuration file.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
myeventfactory
Batch mode example usage
AdminTask.getAuditEventFactoryName('-eventFactoryRef AuditEventFactory_1184688293515')
AdminTask.getAuditEventFactoryName(['-eventFactoryRef', 'AuditEventFactory_1184688293515'])
Interactive mode example usage
AdminTask.getAuditEventFactoryName('-interactive')
The getAuditEventFactoryProvider command retrieves the object name of the audit service provider that a specific audit event factory implementation uses in the audit.xml configuration file.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
auditServiceProviderImpl_1(cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608)
Batch mode example usage
AdminTask.getAuditEventFactoryProvider('-eventFactoryRef AuditEventFactory_1184688293515')
AdminTask.getAuditEventFactoryProvider(['-eventFactoryRef', 'AuditEventFactory_1184688293515'])
Interactive mode example usage
AdminTask.getAuditEventFactoryProvider('-interactive')
The listAuditEventFactories command retrieves a list of audit event factory objects and their attributes that are defined in the audit.xml file.
The user must have the monitor administrative role to run this command.
Target object
None.
Return value
{{auditSpecifications DefaultAuditSpecification_1(cells/Node04Cell|audit.xml#AuditSpecification_1173199825608) DefaultAuditSpecification_2(cells/Node04Cell|audit.xml#AuditSpecification_1173199825609) DefaultAuditSpecification_3(cells/Node04Cell|audit.xml#AuditSpecification_1173199825610) DefaultAuditSpecification_4(cells/Node04Cell|audit.xml#AuditSpecification_1173199825611)} {name auditEventFactoryImpl_1} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditEventFactory_1173199825608} {_Websphere_Config_Data_Type AuditEventFactory} {auditSpecRef4 AuditSpecification_1173199825611} {properties {}} {auditSpecRef3 AuditSpecification_1173199825610} {className com.ibm.ws.security.audit.AuditEventFactoryImpl} {auditServiceProvider auditServiceProviderImpl_1(cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608)} {auditSpecRef2 AuditSpecification_1173199825609} {auditSpecRef1 AuditSpecification_1173199825608} {auditEventFactoryRef AuditEventFactory_1173199825608} {emitterRef AuditServiceProvider_1173199825608}} {{auditSpecifications myfilter(cells/Node04Cell|audit.xml#AuditSpecification_1184598886859)} {name myeventfactory} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditEventFactory_1184688293515} {_Websphere_Config_Data_Type AuditEventFactory} {className com.mycompany.myeventfactoryclass} {auditServiceProvider auditServiceProviderImpl_1(cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608)} {properties {{{validationExpression {}} {name a} {description {}} {value b} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#Property_1184688293546} {_Websphere_Config_Data_Type Property} {required false}}}} {auditSpecRef1 AuditSpecification_1184598886859} {auditEventFactoryRef AuditEventFactory_1184688293515} {emitterRef AuditServiceProvider_1173199825608}}
Batch mode example usage
AdminTask.listAuditEventFactories()
Interactive mode example usage
AdminTask.listAuditEventFactories('-interactive')
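Added example (not part of the original documentation): the listAuditEventFactories return value is a nested brace-delimited list, so the sketch below parses it and reports, per factory, its class, filters and custom properties, flagging a class other than the one shown for auditEventFactoryImpl_1 and a factory with no filters. The names parse_braced and review_factories are hypothetical, and the parser assumes object names contain no spaces or braces.

```python
SAMPLE = (  # constructed input, trimmed from the return value format shown on this page
    "{{auditSpecifications DefaultAuditSpecification_1(cells/Node04Cell|audit.xml#AuditSpecification_1173199825608)}"
    " {name auditEventFactoryImpl_1} {properties {}} {auditEventFactoryRef AuditEventFactory_1173199825608}"
    " {className com.ibm.ws.security.audit.AuditEventFactoryImpl}} "
    "{{auditSpecifications myfilter(cells/Node04Cell|audit.xml#AuditSpecification_1184598886859)}"
    " {name myeventfactory} {className com.mycompany.myeventfactoryclass}"
    " {properties {{{validationExpression {}} {name a} {value b}}}} {auditEventFactoryRef AuditEventFactory_1184688293515}}"
)
# Assumption: the class shown for auditEventFactoryImpl_1 in the page's sample is the expected default.
DEFAULT_CLASS = "com.ibm.ws.security.audit.AuditEventFactoryImpl"

def parse_braced(text):
    """Turn a brace-delimited list into nested Python lists of bare words (hypothetical helper)."""
    stack, word = [[]], ""
    for ch in text + " ":
        if ch not in "{} \t\r\n":
            word += ch
            continue
        if word:  # any delimiter ends the current bare word
            stack[-1].append(word)
            word = ""
        if ch == "{":
            stack.append([])
        elif ch == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            closed = stack.pop()
            stack[-1].append(closed)
    if len(stack) != 1:
        raise ValueError("unbalanced opening brace")
    return stack[0]

def review_factories(output, expected_class=DEFAULT_CLASS):
    """Summarize each factory and flag a non-default class or a missing filter list."""
    report = []
    for record in parse_braced(output):
        attrs = dict((pair[0], pair[1:]) for pair in record)  # key -> list of values
        cls = (attrs.get("className") or [""])[0]
        filters = [f.split("(")[0] for f in attrs.get("auditSpecifications", [])]
        props = {}
        for prop in (attrs.get("properties") or [[]])[0]:  # one nested record per custom property
            fields = dict((kv[0], kv[1:]) for kv in prop)
            props[fields["name"][0]] = (fields.get("value") or [""])[0]
        checks = ((cls != expected_class, "non-default className"), (not filters, "no audit filters"))
        report.append({"name": (attrs.get("name") or [""])[0], "className": cls, "filters": filters,
                       "properties": props, "flags": [msg for failed, msg in checks if failed]})
    return report
```

Inside wsadmin, pass the string returned by AdminTask.listAuditEventFactories() to review_factories in place of SAMPLE.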
The modifyAuditEventFactory command modifies the attributes of the audit event factory implementation that matches the specified reference ID.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Optional parameters
Return value
The command returns a value of true if the system successfully updates the security auditing system configuration.
Batch mode example usage
AdminTask.modifyAuditEventFactory('-eventFactoryRef AuditEventFactory_1184688293515 -provider AuditServiceProvider_1173199825608 -customProperties b=c')
AdminTask.modifyAuditEventFactory(['-eventFactoryRef', 'AuditEventFactory_1184688293515', '-provider', 'AuditServiceProvider_1173199825608', '-customProperties', 'b=c'])
Interactive mode example usage
AdminTask.modifyAuditEventFactory('-interactive')
The setAuditEventFactoryFilters command sets the filters for an audit event factory implementation.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns a value of true if the system successfully sets the filters for the audit event factory.
Batch mode example usage
AdminTask.setAuditEventFactoryFilters('-eventFactoryRef AuditEventFactory_1184688293515 -filtersRef AuditSpecification_1173199825608')
AdminTask.setAuditEventFactoryFilters(['-eventFactoryRef', 'AuditEventFactory_1184688293515', '-filtersRef', 'AuditSpecification_1173199825608'])
Interactive mode example usage
AdminTask.setAuditEventFactoryFilters('-interactive')